• sugar_in_your_tea@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    28
    arrow-down
    8
    ·
    8 months ago

    I posted this in the other thread, but I’ll repost here for discussion:

    Ew. I looked through the bill, and here are some parts I have issues with:

    Main text

    PROHIBITION OF FOREIGN ADVERSARY CON - TROLLED APPLICATIONS .—It shall be unlawful for an entity to distribute, maintain, or update (or enable the distribution, maintenance, or updating of) a foreign adversary controlled application by carrying out, within the land or maritime borders of the United States, any of the following:

    (A) Providing services to distribute, main- tain, or update such foreign adversary con- trolled application (including any source code of such application) by means of a marketplace (including an online mobile application store) through which users within the land or maritime borders of the United States may access, maintain, or update such application.

    (B) Providing internet hosting services to enable the distribution, maintenance, or updating of such foreign adversary controlled application for users within the land or maritime borders of the United States.

    So basically, the US can block any form of software (not just social media) distributed by an adversary county for pretty much reason, and it can block any company providing access to anything from an adversary.

    Definition of "controlled by a foreign adversary"

    (g) DEFINITIONS .—In this section:6 (1) CONTROLLED BY A FOREIGN ADVERSARY .— The term ‘‘controlled by a foreign adversary’’ means, with respect to a covered company or other entity, that such company or other entity is–

    (A) a foreign person that is domiciled in, is headquartered in, has its principal place of business in, or is organized under the laws of a foreign adversary country;

    (B) an entity with respect to which a for- eign person or combination of foreign persons described in subparagraph (A) directly or indi- rectly own at least a 20 percent stake; or

    © a person subject to the direction or control of a foreign person or entity described in subparagraph (A) or (B).

    The adversary countries are (defined in a separate US code):

    • N. Korea
    • China
    • Russia
    • Iran

    So if you live in any of these or work for a company based in any of these, you’re subject to the law.

    foreign adversary company definition

    (3) FOREIGN ADVERSARY CONTROLLED APPLI - CATION .—The term ‘‘foreign adversary controlled application’’ means a website, desktop application, mobile application, or augmented or immersive technology application that is operated, directly or indirectly (including through a parent company, subsidiary, or affiliate), by—

    (A) any of—

    (i) ByteDance, Ltd.;

    (ii) TikTok;

    (iii) a subsidiary of or a successor to an entity identified in clause (i) or (ii) that is controlled by a foreign adversary; or

    (iv) an entity owned or controlled, di- rectly or indirectly, by an entity identified in clause (i), (ii), or (iii); or

    (B) a covered company that—

    (i) is controlled by a foreign adversary; and

    (ii) that is determined by the President to present a significant threat to the national security of the United States following the issuance of—

    It specifically calls out TikTok and ByteDance, but it also allows the President to denote any other entity in one of those countries as a significant threat.

    So here are my issues:

    • I, as a US citizen, can’t choose to distribute software produced by an adversary as noted officially by the US government - this is a limitation on my first amendment protections, and I think this applies to FOSS if the original author is from one of those countries
    • the barrier to what counts is relatively low - just living in an adversary country or working for a company based on an adversary country seems to don’t
    • barrier to a “covered company” is relatively low and probably easy to manipulate - basically needs 1M active users (not even US users), which the CIA could totally generate if needed

    So I think the bill is way too broad (lots of "or"s), and I’m worried it could allow the government to ban competition with US company competitors. It’s not as bad as I feared, but I still think it’s harmful.

    Anyway, thoughts?

      • Dlayknee@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        ·
        edit-2
        8 months ago

        Well c’mon, if they write a legit privacy bill it’s going to hurt their Stateside vectors. This way, they can tout “yay security!” while funneling more traffic to Instabookapp where they can still access it.

    • Asafum@feddit.nl
      link
      fedilink
      English
      arrow-up
      13
      arrow-down
      2
      ·
      8 months ago

      and I’m worried it could allow the government to ban competition with US company competitors.

      I want to give the benefit of the doubt and say they are concerned about getting programs running all over the country that can somehow “backdoor” a major issue into our network, but I not only don’t know enough about how feasible that is, I also strongly believe it’s as you feared. It’s what we get the government to do all the time: fuck with other countries to “protect” our major corporations…

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        11
        arrow-down
        1
        ·
        8 months ago

        Why give them the benefit of the doubt? Look at Snowdon"s revelations, they abused FISA courts to rubber stamp spying on US citizens. Why wouldn’t they do the same for lobbyists?

        I get that TikTok sucks for all manner of reasons, but expanding the power of the executive branch isn’t the way to deal with it, especially this way. This is pretty similar to the “force authorization” crap where the President can just bomb whoever the want, provided they let Congress know afterward. But now it’s in the economy instead of just military…

        So no, I’m not giving them the benefit of the doubt, they’ve lost my trust every other time they’ve done something like this. The bill is bad and the precedent is sets is bad.

    • Dark Arc@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      8 months ago

      I think you should check out this article in The Atlantic, it goes into the history of the US government’s previous laws to protect against foreign propaganda and manipulation of the media. What you’ll find is this is more of an update (to catch up with the internet era) than a revamp of US domestic policy.

      https://www.theatlantic.com/ideas/archive/2024/03/tiktok-bill-foreign-influence/677806/

      Also a key point I think you’re missing here:

      but it also allows the President to denote any other entity in one of those countries as a significant threat

      The president can only do this for apps from the countries covered in the US code as Foreign Adversaries, which means the president can act quickly against threats, but this is a bad avenue for attacking competition in other friendly countries (e.g., shutting down Proton would require congress to pass a law that Switzerland is a foreign adversary – which would not be good for relations – AND a law specifically targeting Proton accompanying that or the president to then act against Proton).

      All of this is still subject to judicial review as well.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        8 months ago

        What does the judicial review process look like? Because the bill only states (unless I missed it) that the President needs to give notice to Congress.

        What it looks like is if China or Russia has a competitor to a US product (say, Yandex or Baidu), a US company (say, Google) could lobby the President to mark them as a threat and ban them from the US. The product doesn’t need to actually have the capacity to cause harm, it just needs to be from one of the adversary countries (currently China, Russia, N. Korea, and Iran).

        It’s not as bad as it could be, but I think it misses a lot of the point here.

        • Dark Arc@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          8 months ago

          Just the standard “you can sue if you think this is unfair and have your day in court.”

          What it looks like is if China or Russia has a competitor to a US product (say, Yandex or Baidu), a US company (say, Google) could lobby the President to mark them as a threat and ban them from the US. The product doesn’t need to actually have the capacity to cause harm, it just needs to be from one of the adversary countries (currently China, Russia, N. Korea, and Iran).

          This is true, but it’s also pretty unlikely. Even TikTok is just a vine ripoff, but a vine that was successfully monetized.

          There really hasn’t been much to come out of our “foreign adversaries” that I think most people would care about. If that’s the price we have to pay … I’m not the least bit worried about it really.

          Furthermore, China is happy to use public money to back companies (as a sort of “state run venture capital”); that is a threat to competition in the same way venture capital is a threat to competition.

          • sugar_in_your_tea@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            8 months ago

            But is it worth the potential for abuse?

            Google and Facebook certainly stand to benefit here since TikTok is a direct competitor. That doesn’t mean we shouldn’t ban TikTok (I’d like to see some evidence from the FBI though), but it means we should scrutinize the bill to see if there are undesirable parts to it.

            Likewise, I think this bill could be used against companies with Chinese investment, like anything Tencent investment (e.g. Fortnite, League of Legends, etc). That’s obviously not the target, but I think it could be used to get those banned from the US.

            So I’m worried about this bill. Maybe I’m misreading it (I hope so), and it doesn’t seem as bad as some people claim, but I do think it’s problematic.

            • Dark Arc@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              8 months ago

              Likewise, I think this bill could be used against companies with Chinese investment, like anything Tencent investment (e.g. Fortnite, League of Legends, etc).

              IANAL but I believe that would not be covered under this bill. Those games are run by American companies with foreign investment.

              Maybe when it gets to the point where the foreign power is the majority shareholder. However, I think in a publicly traded company they’d just be forced to divest and that would likely take a different law.

              • sugar_in_your_tea@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                8 months ago

                Here’s what I read in the bill:

                Division H, (g)(1)

                (1) CONTROLLED BY A FOREIGN ADVERSARY.—The term “controlled by a foreign adversary” means, with respect to a covered company or other entity, that such company or other entity is—

                (A) a foreign person that is domiciled in, is headquartered in, has its principal place of business in, or is organized under the laws of a foreign adversary country;

                (B) an entity with respect to which a foreign person or combination of foreign persons described in subparagraph (A) directly or indirectly own at least a 20 percent stake;

                So if someone from an adversary country directly or indirectly owns at least 20% of the company, which I’m pretty sure applies to what I’ve said.

                But the text needs to apply to a “covered company,” which is intended to focus on social media, but here’s the text:

                Division H, (g)(2)

                A) IN GENERAL.—The term “covered company” means an entity that operates, directly or indirectly (including through a parent company, subsidiary, or affiliate), a website, desktop application, mobile application, or augmented or immersive technology application that—

                (i) permits a user to create an account or profile to generate, share, and view text, images, videos, real-time communications, or similar content;

                (ii) has more than 1,000,000 monthly active users with respect to at least 2 of the 3 months preceding the date on which a relevant determination of the President is made pursuant to paragraph (3)(B);

                (iii) enables 1 or more users to generate or distribute content that can be viewed by other users of the website, desktop application, mobile application, or augmented or immersive technology application; and

                (iv) enables 1 or more users to view content generated by other users of the website, desktop application, mobile application, or augmented or immersive technology application.

                So if you have more than 1M monthly active users and allow users to share and view text, images, video, etc with at least 1 person, then you’re a covered company. I’m pretty sure that could apply to many things outside of social media.

                There’s an exclusion in (g)(2)(B) for “product reviews,” so maybe EGS is safe, but I’m not sure because the primary purpose of EGS isn’t reviews, it’s selling games.

                However, the above are merely qualifiers, so it must also satisfy section (g)(3), which states either:

                • A - is related to ByteDance or TikTok (mentioned by name)
                • B - the President decides it’s a threat to national security

                So Fortnite, LoL, etc wouldn’t be caught immediately by the law like TikTok is because they haven’t been specifically mentioned, but I think they quality, so they could be impacted if the President thinks they’re a threat to national security. And the burden of proof there is pretty minimal, the President just submits notice to Congress at least 30 days before doing anything about it. If Congress is already in board (lobbyists and whatnot), that won’t be an issue.

                For timing, you have 165 days from when this law takes effect or 90 days from any action under this law. So here’s a scenario:

                1. President publicly notifies Congress that it’s considering marking Fortnite as a threat to national security - juicy bits sealed in a classified annex
                2. 30 days later, the President publicly determines Fortnite is a national security threat
                3. 90 days later, the statute of limitations has passed, and the President instructs the Attorney General to issue fines through the appropriate district court

                My understanding is that if the company doesn’t challenge the initial public notice (2), they could lose their ability to fight the fines in the courts. So the question is, how much leeway does the President have to obfuscate that so the lawyers miss it? Is it sufficient for the President to post to that White House website?

                This scenario is pretty unlikely, but it’s just a small bill change away from being a lot easier to sneak through (like making the public notice optional).

                The bill is not nearly as bad as I thought it would be (earlier versions were worse), so it’s likely this will only apply to TikTok for now. But I’m worried about giving the President so much autonomy here. There’s no requirement that the company or app is actually harmful, just that the President decides it’s a threat. Oh, and I could probably be fined if I distribute TikTok or similar from a personal website after this bill goes live, though I think I can share a link for them to download it, provided the servers aren’t hosted by me and are hosted in another country.